path: root/docs
Commit message | Author | Age | Files | Lines
* prog: add support for decimal/octal arguments in text format | Alexander Potapenko | 2 days | 1 | -3/+4
  Previously, the parser only expected the '0' character to begin an integer argument, which effectively meant it only handled hexadecimal formatting (e.g., `0x...`) when parsing arguments. This change modifies parseArgImpl() to route any starting digit ('0'-'9') to the integer parsing logic. Since `strconv.ParseUint` already handles base-10 parsing using the "0" base flag, this cleanly enables the parser to natively deserialize decimal and octal arguments.
* pkg/aflow/flow/repro: give agent relevant docs | Dmitry Vyukov | 3 days | 1 | -0/+15
  LLM seems to have some knowledge about syzkaller program syntax, but presumably it's still useful to give it all details about syntax.
  Update #6878
* docs: update grey coverage color description | Nikolay Ivchenko | 10 days | 2 | -8/+4
  Commit 59578253057fc4e1d0d94e5bc7afb12be5cf0642 removed the weak-uncovered functionality, but the documentation still contains the description for the old coloring scheme. Currently, lines in functions that were never executed are rendered as grey (#505050), merging them with non-instrumented code. This change updates the documentation to reflect that the grey color now indicates that either the code is not instrumented or the function containing the line was never executed.
* syz-agent: add MCP server | Dmitry Vyukov | 2026-02-18 | 1 | -0/+111
  The MCP server exports all aflow tools (and actions as tools) we have.
  Fixes #6763
* pkg/mgrconfig: allow exact matches bypass snapshot check | Aleksandr Nogikh | 2026-01-21 | 1 | -3/+4
  Allowing all enable_syscalls override (snapshot) attribute is too permissive and leads to unwanted syscalls being enabled in typical syzkaller configurations. Only allow it when the syscall is specified by its exact name in enable_syscalls. Refactor the method and add a test.
* docs: update coverage.md | Aleksandr Nogikh | 2026-01-21 | 1 | -3/+3
  The docs file has become outdated.
  Fixes #6638.
* docs: tweak syzos.md to reflect void arguments | Alexander Potapenko | 2026-01-15 | 1 | -1/+1
* docs: minor changes to syzos.md | Alexander Potapenko | 2026-01-14 | 1 | -0/+12
  Make it clearer how to add new commands.
* docs: fix section numbering error in syzos.md | 6eanut | 2026-01-13 | 1 | -2/+2
* docs: add syzos.md | Alexander Potapenko | 2026-01-13 | 1 | -0/+214
  Initial commit of the SYZOS technical documentation
* prog: support snapshot-only calls | Dmitry Vyukov | 2026-01-02 | 1 | -3/+7
  Update #5308
* tools/create-image.sh: update default Debian release to trixie | Andrew Donnellan | 2025-12-11 | 9 | -32/+32
  Debian bullseye is now oldoldstable, so update the default release to trixie. While we're at it, update documentation references to old Debian releases to match.
  Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
* vm: implement the VM interface for VirtualBox | Kuzey Arda Bulut | 2025-11-14 | 2 | -0/+107
  This change adds VirtualBox support to syzkaller. It implements the VM interface for VirtualBox and provides:
  - full VM lifecycle operations (create, boot, stop, snapshot restore)
  - serial console hookup and integration with the output merger
  - proper boot wait logic similar to qemu, using SSH readiness
  - boot-time crash capture using collected console output
* docs/linux: update buildroot link in qemu setup | Babak Huseynov | 2025-11-04 | 1 | -1/+1
* docs/translations: add the translation of maintaining.md | QGrain | 2025-10-15 | 1 | -0/+39
  Finish the translation of docs/maintaining.md, which has been proofread by HCTT. Update to commit 0773c42 ("docs: fix misspellings").
* docs/translations: add the translation of strace.md | QGrain | 2025-10-15 | 1 | -0/+34
  Finish the translation of docs/strace.md, which has been proofread by HCTT. Update to commit a87f559 ("docs: typo fixes").
* docs/translations: add the translation of syz_verifier.md | QGrain | 2025-10-15 | 1 | -0/+80
  Finish the translation of docs/syz_verifier.md, which has been proofread by HCTT. Update to commit aeb6ec6 ("docs: mention that syz-verifier is broken").
* docs/translations: add the translation of syz_testbed.md | QGrain | 2025-10-15 | 1 | -0/+169
  Finish the translation of docs/syz_testbed.md, which has been proofread by HCTT. Update to commit d4d447c ("tools/create-image.sh: upgrade default release to bullseye").
* docs: update kfuzztest.md | Ethan Graham | 2025-09-29 | 1 | -3/+8
  Update kfuzztest.md to reflect some recent changes. In particular:
  - Point to the newest kernel pull request (PR v2) instead of the outdated RFC v1 patch series.
  - Change example description, as commit 0ac7291ca introduced a new input parameter for syz_kfuzztest_run.
* docs: add KFuzzTest documentation | Ethan Graham | 2025-09-22 | 2 | -0/+255
  Add documentation for syzkaller's KFuzzTest integration, and a separate documentation file for the syz-kfuzztest program.
  Signed-off-by: Ethan Graham <ethangraham@google.com>
* kfuzztest: introduce syz_kfuzztest_run pseudo-syscall | Ethan Graham | 2025-09-22 | 1 | -0/+1
  Add syz_kfuzztest_run pseudo-syscall, KFuzzTest attribute, and encoding logic. KFuzzTest targets, which are invoked in the executor with the new syz_kfuzztest_run pseudo-syscall, require specialized encoding. To differentiate KFuzzTest calls from standard syzkaller calls, we introduce a new attribute called KFuzzTest or "kfuzz_test" in syzkaller descriptions that can be used to annotate calls.
  Signed-off-by: Ethan Graham <ethangraham@google.com>
* docs/contributing.md: remove deprecated instructions to use ghcr | Daniel | 2025-09-22 | 1 | -13/+0
* docs: update USB documentation | Andrey Konovalov | 2025-09-11 | 1 | -48/+127
* prog: pkg/compiler: docs: introduce the `no_squash` attribute | Alexander Potapenko | 2025-09-09 | 1 | -0/+3
  The `no_squash` per-syscall attribute prevents the fuzzer from generating squashed arguments to a particular syscall. This is particularly helpful for pseudo-syscalls with elaborate arguments that are hard to reason about when they are squashed - e.g. for syz_kvm_add_vcpu() that takes a SYZOS program as an input.
  I've considered an alternative solution that prohibits ANY for all pseudo-syscalls. But there is a bunch of existing programs (both the tests and the repros) for syscalls like syz_mount_image() for which the benefit of not passing ANY is not immediately obvious. I therefore decided to go with an explicit attribute that can later be enforced for every pseudo-syscall at compile time.
* docs/setup_linux-host_qemu-vm_riscv64-kernel.md: short change description | 6eanut | 2025-08-21 | 1 | -1/+1
* docs/linux: add instructions for fuzzing Linux x86-64 kernel on Android virtual device | Jiaming Zhang | 2025-08-20 | 2 | -0/+205
  Add new page for fuzzing Linux x86-64 kernel on Android virtual device. It explains how to build and run Android Generic System Image and Generic Kernel Image on Ubuntu host.
* docs: fix misspellings | Taras Madan | 2025-08-19 | 10 | -14/+14
  Gemini CLI experiments side effect.
* docs: update reporting_kernel_bugs.md | Alexander Potapenko | 2025-07-18 | 1 | -1/+1
  Emphasize source files and line numbers
* doc: fix sourcedir variable name | Moritz Buhl | 2025-07-18 | 1 | -1/+1
  Commit d34313c changed the sourcedir variable in the syz-extract command but did not adjust the text beneath it.
* docs/research.md: remove duplicate entries | Daniel | 2025-07-09 | 1 | -2/+0
  Remove duplicate entry and announcement by Daimeng Wang of the later published work "SyzVegas".
* docs/research.md: add reference to SyzGPT (ISSTA'25) | QGrain | 2025-06-30 | 1 | -0/+1
  SyzGPT is the first LLM-assisted kernel fuzzing framework aiming at generating effective seeds (Syz-programs) for the rarely covered syscalls during kernel fuzzing. Refer to our repo for more details.
* all: fix typos | Roman A | 2025-06-16 | 2 | -3/+3
* docs/translations: add the translation of pseudo_syscalls.md | QGrain | 2025-05-09 | 1 | -0/+44
  Finish the translation of docs/pseudo_syscalls.md, which has been proofread by HCTT translation team. Update to commit 0b3dad4606c0 ("pkg/vminfo: move feature checking to host").
* docs/translations: add the translation of adding_new_os_support.md | QGrain | 2025-05-09 | 1 | -0/+54
  Finish the translation of docs/adding_new_os_support.md, which has been proofread by HCTT translation team. Update to commit db5852f9fc90 ("docs/adding_new_os_support.md: fix a typo").
* docs/translations: add the translation of db.md | QGrain | 2025-05-09 | 1 | -0/+62
  Finish the translation of docs/db.md, which has been proofread by HCTT translation team. Update to commit 36c961ad9dc0 ("tools/syz-db: add more usage info for syz-db").
* doc: bisect: add `compiler_type` entry | Matthieu Baerts | 2025-05-09 | 1 | -0/+1
  It looks like it is mandatory to avoid this error:
  unsupported bisect compiler:
* docs: update USB documentation | Andrey Konovalov | 2025-04-30 | 1 | -54/+94
  Many assorted updates.
* docs: mention that syz-verifier is broken | Aleksandr Nogikh | 2025-04-28 | 1 | -0/+3
  Don't confuse the users by making it look like the tool works.
  Fixes #5950.
* docs/troubleshooting.md: fix typo | Mirko Covizzi | 2025-04-25 | 1 | -1/+1
  Fixes a typo.
  Signed-off-by: Mirko Covizzi <mrkcvzz@gmail.com>
* docs/syzbot_assets.md: fix typos | Mirko Covizzi | 2025-04-25 | 1 | -2/+2
  Fixes a few typos.
  Signed-off-by: Mirko Covizzi <mrkcvzz@gmail.com>
* pkg/mgrconfig: add a sample syzkaller config | Aleksandr Nogikh | 2025-03-20 | 2 | -2/+2
  Add a sample syzkaller config with comments so that we could refer to it in the tutorials.
* docs/linux: update go version | zt20xx | 2025-03-19 | 1 | -3/+3
* docs/research.md: add A Little Goes a Long Way paper | s4nsec | 2025-03-17 | 1 | -0/+1
* docs/syscall_descriptions_syntax.md: short change description | 许佳凯 | 2025-03-05 | 1 | -6/+18
* prog: annotate image assets with fsck logs | Florent Revest | 2024-12-09 | 1 | -1/+4
  Syscall attributes are extended with a fsck command field which lets file system mount definitions specify a fsck-like command to run. This is required because all file systems have a custom fsck command invocation style.
  When uploading a compressed image asset to the dashboard, syz-manager also runs the fsck command and logs its output over the dashapi. The dashboard logs these fsck logs into the database.
  This has been requested by fs maintainer Ted Tso who would like to quickly understand whether a filesystem is corrupted or not before looking at a reproducer in more details. Ultimately, this could be used as an early triage sign to determine whether a bug is obviously critical.
* tools/syz-env: add local build option | Stefan Wiehler | 2024-11-29 | 1 | -0/+6
  Useful for testing local Dockerfile changes that have not been pushed yet.
* docs: update reproduction instructions | Aleksandr Nogikh | 2024-11-29 | 9 | -92/+84
  1. Get rid of executing_syzkaller_programs.md as it now mostly overlaps with reproducing_crashes.md.
  2. Update the instructions on building the kernel with syzbot compilers.
  3. Update the links throughout the documentation.
* docs: rewrite reproducing_crashes.md | Aleksandr Nogikh | 2024-11-25 | 1 | -25/+169
  Let's list all the possible ways of reproducing syzkaller crashes locally and keep the instructions of how to manually craft a reproducer at the bottom.
  Add information about the ktest tooling - now it also automates the reproduction of syzbot bugs.
  See the discussion at: https://groups.google.com/g/syzkaller/c/UTPrWcJfS8Q/m/K1YXz-f1AQAJ
* all: support || operator in syzlang if condition | Jiao, Joey | 2024-11-13 | 1 | -1/+2
  ex. f3 field has logic or operator in if condition:
    conditional_struct {
      mask int32
      f1 field1 (if[value[mask] & FIELD_FLAG1])
      f2 int64 (if[value[mask] & FIELD_FLAG2])
      f3 int64 (if[value[mask] == FIELD_FLAG1 || value[mask] == FIELD_FLAG2])
    } [packed]
* docs: add two more talks | Aleksandr Nogikh | 2024-11-01 | 1 | -0/+2